Desktop And Operating System Security Archives

How To Protect Your Business Data

Published in Security on September 17, 2016

It’s impossible to go a week without seeing some reference to a data breach, whether it’s a write up on what happened years ago, or updates on breaches that are still happening. The two breaches I found most interesting where a treasure trove of business data (not credit card data) was exfiltrated, and subsequently released would have to be the 2014 Sony Hack and more recently the Panama Papers hack. With this in mind, there has never been a better time for more discussion around how we think about data protection in our businesses than now.

I am partial to these hacks because as a business owner, especially one in the website security industry, the threat of a compromise is very real. We work under the guise that someone is always watching and the fact that a compromise is inevitable. As such, a lot of what we do is about minimizing the exposure and impact when it happens. There are many ways to do this as well as many areas to focus on, but one particular domain for us is the protection of the data that keeps our company going.

Java Zero Day: Two Vulnerabilities

Published in Security on August 28, 2012

Yesterday was an interesting one for the security world, it was a buzz over the new Java 0-Day and today is no different.

It turns out however that it’s not just one (1) zero-day, it’s two and they were introduced back in July of 2011. We shared our initial thoughts on the vulnerability yesterday.

Today though Esteban Guillardoy put out a more in-depth analysis of the vulnerability. Thought you too would enjoy the read. It’s good to note that I’m by no means well-versed on desktop based malware but I still enjoyed the read, my focus is web-based malware.

DNSChanger Malware: Verifying You Are Clean

Published in Security on July 7, 2012

There has been a lot of buzz this week about the DNSChanger malware, I wanted to take a minute to summarize it for my friends and family.

History

If you’re curious what this is and why it is so important then read this section.

What’s important to note is that DNSChanger is a type of malware. Its been generalized in all the discussion, but there are a number of variants out there. For instance the group that was arrested, that has led to all this commotion, were distributing a number of variants: TDSS, Alureon, TidServ, and TDL4 viruses.

As for some history, back on November 8th, 2011, the FBI and Estonian police arrested a number of cyber criminals under an effort titled Operation Ghost Click. The challenge here became the cybercriminals had put in place a number of their own DNS server. For those not familiar, these DNS server are what allow you to interact on the internet. They are, for lack of a better word, your gateway to the interwebs. This was important because once they were able to infect your local computer with the virus, it’d traverse its way to your router which would then modify your local DNS settings. This would then point your machine to one of the malicious DNS servers. To you, it was probably unnoticeable, you’d still visit your webmail and your favorite social networking sites (e.g., Facebook, G+, etc…) but from time to time you’d find yourself on pages selling you things you weren’t looking for. This was done because they would make money on the click throughs, in this little effort they made something in the neighborhood of $14 million

Selecting a MAC Anti-Virus Solution

Published in Security on June 15, 2012

I am what most would consider to be a new adopter of Apple machines, less than 6 months, other than the obvious iPhone that is. It’s important to note though that this hasn’t been my first try, I attempted the conversion about 14 months ago and failed miserably. I found myself secretly getting my Windows fix without letting my colleagues know and that eventually led me into withdrawals and finally back on a Windows box, but I digress…

Then came the day I went full-time as an entrepreneur and my partners, being the security freaks that they are, banned me from using Window’s products on our network. My option was a distro of Linux, and as fun of an experience as that was, cough, I found the need for what I would consider a more robust UNIX based products – in enters Apple again.

It just so happens that I made the conversion just as the Flashback / Flashfake outbreak hit the streets. Oh you know, that little outbreak that got every one up in arms over Apple’s security policies and rumored to have over 600,000 MAC’s infected world-wide.

So naturally, my obvious reaction was, “WTF!!!!”